US12335373B2 - Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product - Google Patents


Info

Publication number
US12335373B2
Authority
US
United States
Prior art keywords
branch
output
encryption
generating
key
Prior art date
Legal status
Active, expires
Application number
US17/839,109
Other versions
US20220417012A1 (en)
Inventor
Ruggero Susella
Current Assignee
STMicroelectronics SRL
Original Assignee
STMicroelectronics SRL
Priority date
Filing date
Publication date
Application filed by STMicroelectronics SRL
Priority to CN202210734959.2A (published as CN115603892A)
Assignment of assignors' interest to STMICROELECTRONICS S.R.L.; assignor: SUSELLA, RUGGERO
Publication of US20220417012A1
Application granted
Publication of US12335373B2
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information involving passwords or one-time passwords
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms

Definitions

  • the present description relates to techniques for performing cryptographic operations on data in a processing device comprising an encryption procedure.
  • Various embodiments may apply, e.g., to smartcards, microcontrollers, Internet of Things chips, and set-top-boxes using an encryption or digital signature scheme.
  • Cryptographic protocols are abstract or concrete protocols that perform a security-related function and apply cryptographic methods, often as sequences of cryptographic primitives.
  • SCA: Vertical Side Channel Attacks
  • in a vertical side channel attack, the attacker can encrypt arbitrary input data using the device, with the goal of recovering the cryptographic key used by the encryption algorithm.
  • the attacker records side channel information (power consumption, electromagnetic radiation, or similar quantities) during the encryption of known input data.
  • the side channel is correlated with the data processed by the device, namely the cryptographic key and the attacker's input data; the latter are therefore known data.
  • the attacker records many “traces” with different known input data and a constant unknown key, makes hypotheses on the value of a portion of the cryptographic key, and uses statistical methods to verify these hypotheses against the traces. Such statistical methods require many traces, each with different, known input data and the same key.
  • a known defence against such attacks is an implementation with SCA protection; however, this cannot reuse existing non-protected hardware, and it is often too late or too costly to embed protected hardware. Switching to a protected software implementation is not always possible either: anti-reverse-engineering constraints require that protected software not be visible to attackers, protected software needs secret randomness (secret even from the legitimate user), and performance may degrade significantly.
  • KDF: Key Derivation Function
  • LR-KDF: Leakage Resilient Key Derivation Function
  • an LR-KDF implemented on commonly available unprotected crypto hardware accelerators may be an attractive solution when DPA-protected solutions are unaffordable and/or existing hardware is to be leveraged.
  • a method comprises: executing cryptographic operations on data using cryptographic circuitry; and protecting, using the cryptographic circuitry, the cryptographic operations during the executing.
  • the executing and protecting includes: generating an initialization vector; generating, using the initialization vector and a secret key, one or more unique keys; encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch; encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch; XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the crypto
  • a cryptographic device comprises: a first encryption branch comprising a plurality of cryptographic circuits coupled together in series; a second encryption branch comprising a plurality of cryptographic circuits coupled together in series; and XOR circuitry coupled to the first encryption branch and to the second encryption branch, wherein, the cryptographic device, in operation, executes cryptographic operations on data and protects the cryptographic operations during the executing.
  • the executing and protecting includes: encrypting, using the first branch of the cryptographic circuitry and an encryption key associated with the first branch, a constant associated with the first branch, generating a first output of the first branch; encrypting, using the second branch of the cryptographic circuitry and an encryption key associated with the second branch, a constant associated with the second branch, generating a first output of the second branch; XORing, using the XOR circuitry, the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the cryptographic circuitry and the encryption key associated with the first branch, the first output of the first branch, generating a second output of the first branch; encrypting, using the second branch of the cryptographic circuitry and the encryption key associated with the second branch, the first output of the second branch, generating a second output of the second branch; and XORing, using the XOR circuitry, the second
  • a system comprises: processing circuitry; and memory coupled to the processing circuitry, wherein the processing circuitry, in operation: encrypts, using an encryption key associated with a first encryption branch, a constant associated with the first encryption branch, generating a first output of the first encryption branch; encrypts, using an encryption key associated with a second encryption branch, a constant associated with the second encryption branch, generating a first output of the second encryption branch; XORs the first output of the first encryption branch, the first output of the second encryption branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypts, using the encryption key associated with the first encryption branch, the first output of the first encryption branch, generating a second output of the first encryption branch; encrypts, using the encryption key associated with the second encryption branch, the first output of the second encryption branch, generating a second output of the second encryption branch; and XORs the second output of the first encryption branch, the second output of the second encryption branch, and
  • a non-transitory computer-readable medium's contents cause cryptographic circuitry to perform a method, the method comprising: executing cryptographic operations on data; and protecting the cryptographic operations during the executing, the executing and protecting including: generating an initialization vector; generating, using the initialization vector and a secret key, one or more unique keys; encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch; encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch; XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text;
  • FIG. 1 represents a block diagram of an embodiment of a processing device implementing the method described here;
  • FIG. 2 represents a detail of a possible embodiment of a block of FIG. 1 ;
  • references to “an embodiment” or “one embodiment” in the framework of the present description are meant to indicate that a particular configuration, structure, or characteristic described in relation to the embodiment is comprised in at least one embodiment.
  • particular conformations, structures, or characteristics can be combined appropriately in one or more embodiments.
  • the solution described here refers to a method for performing cryptographic operations on data in a processing device comprising a leakage resilient encryption procedure, which includes a leakage resilient key derivation function deriving a different key for each message from the same master key, and which makes use of a double Output FeedBack (OFB) structure.
  • a system for encryption 50 includes a random number generator 21 generating an initialization vector IV, having 128 bits in the example discussed here. The binary sequence IV is fed to a Leakage Resilient Key Derivation Function (LR-KDF) generator 10 together with a master encryption key MK to obtain a derived key K 0 .
  • the initialization vector IV is a non-repeating, in particular random, binary sequence generated by an initialization vector generator.
  • in the example the initialization vector IV is a random vector produced by a random generator; it can, however, be produced for instance by a monotonic counter, which generates increasing, and thus non-repeating, numbers.
  • the derived key K 0 is fed to two branches 31 a and 31 b in parallel, each branch comprising a plurality of invocations of the AES cipher, represented by blocks 11 , in series.
  • the derived key K 0 is used as the encryption key in both branches, while the first AES cipher 11 of the first branch 31 a receives as input a first constant CNa, in the example 0 . . . 000, and the first AES cipher of the second branch 31 b receives a second constant CNb, in the example 0 . . . 001, different from the first constant CNa.
  • the outputs Oa 0 , Ob 0 of the first AES cipher 11 in the first and second branch 31 a , 31 b (i.e., the constants CNa, CNb AES-encrypted with the derived key K 0 ) are brought to a first XOR block X 0 , which XORs them with a first portion P 0 , of a given length, of a plaintext P.
  • in the example the first portion P 0 is 128 bits long.
  • the output of the first XOR block X 0 is a first portion C 0 of a ciphertext C.
  • the outputs of the first invocation of the AES cipher 11 thus represent a keystream, which is supplied to the first XOR block X 0 to encode the first portion P 0 of plaintext, obtaining the first portion C 0 of the ciphertext C.
  • the first XOR block X 0 is a three-input XOR which, as is known, first XORs two of the inputs and then XORs the result with the third input.
  • the first XOR function X 0 is implemented by first XORing the outputs Oa 0 , Ob 0 of the first encryption operations of the two encryption branches 31 a , 31 b , and then XORing that result with the first portion P 0 of the plaintext. The intermediate result of the first XOR thus depends only on keystream values and not on data an attacker can choose; this prevents an attacker from exploiting repeated decryption requests for the same message.
  • this implementation may also be used in the subsequent XOR functions, e.g., X 1 , . . . , to produce the subsequent portions of ciphertext, e.g., C 1 , as described below.
  • the outputs Oa 0 , Ob 0 are also supplied as input to the subsequent (second) invocation of the AES cipher 11 in the respective branch, again with the derived key K 0 as encryption key.
  • the second outputs Oa 1 , Ob 1 of the second AES cipher 11 in the first and second branch 31 a , 31 b are brought to a second XOR block X 1 , which XORs them with a second portion P 1 , of the same given length, of the plaintext P.
  • the output of the second XOR block X 1 is a second portion C 1 of the ciphertext C. Therefore the outputs of the subsequent invocation of the AES cipher 11 represent a keystream supplied to the second XOR block X 1 to encode the second portion P 1 of plaintext, obtaining the second portion C 1 of the ciphertext C.
  • a chain of cipher blocks 11 (more precisely, of invocations of a cipher, in particular AES) is thus provided, whose outputs are supplied as keystream to a XOR which encodes a portion of the plaintext into a portion of ciphertext.
  • the first block of the chain is initialized with a constant instead of with the output of a previous block.
  • each of the branches 31 a and 31 b basically corresponds to an OFB encryption: each block cipher operation depends on all the previous ones, so the operations within a branch cannot be performed in parallel.
  • the circuit of FIG. 1 is configured as a double OFB encryption, since the XOR operation is carried out on the outputs of both OFB branches 31 a and 31 b and on the portion of plaintext.
  • blocks 11 represent an invocation of a block cipher encryption in general, in the example AES encryption.
  • a method is described to perform cryptographic operations on data in a processing device comprising a leakage resilient encryption procedure, which comprises a leakage resilient key derivation function deriving a different key for each message from the same master key.
  • each of the encryption branches includes a chain of cipher blocks 11 , or of invocations of the same cipher block, e.g., AES, which receive the derived key as encryption key.
  • the outputs of the ciphers 11 having the same position in the chain in each branch are brought as inputs of a XOR together with a portion of plaintext.
  • each encryption branch 31 a , 31 b therefore performs a first encryption operation invoking the block cipher encryption 11 with the derived key K 0 as encryption key and receiving a respective first constant CNa or second constant CNb as input to be encrypted; the outputs Oa 0 , Ob 0 of the first encryption operations of the two encryption branches 31 a , 31 b and a first portion P 0 of a plaintext are the inputs of a first XOR function X 0 producing a first portion of ciphertext C 0 .
  • the number of cipher blocks 11 following the first one, i.e., the number of invocations, depends on the length of the message to be encrypted.
  • the LR-KDF generator 10 can be implemented with different KDF procedures or algorithms.
  • Leakage Resilient encryption: the basic requirement of leakage resilient encryption is that a key can be used only a very limited number of times. Users, however, may want a master key which lasts a long time, for example years; deriving a different key for each message from the master key reconciles the two requirements.
  • the system 50 of FIG. 1 includes one or more processors P, one or more memories M, and discrete circuitry DC, which may be employed in various combinations to implement the functionality of the system 50 .
  • Such functionality may include the encryption and protection operations described herein, as well as other functional operations of the system 50 , such as operations associated with smartcards, microcontrollers, Internet of Things chips, set-top-boxes, etc., using an encryption or digital signature scheme.
  • FIG. 2 shows a chain to obtain a derived key from a master key, which may implement the LR-KDF generator 10 .
  • a master key MK is supplied to an invocation of a cipher 11 , e.g., a cipher performing AES (Advanced Encryption Standard) encryption, which receives the first bit NC 0 of a nonce NC (a number, such as a random number, used only once); the bit can be seen as the plaintext to be encrypted by the AES 11 .
  • the output of this encryption, IK 0 , is used as the key for another invocation of the AES cipher 11 , which processes the following bit NC 1 of the nonce NC.
  • blocks 11 represent block cipher encryption in general, in the example AES encryption; a single block cipher encryption module, e.g., a single AES module, can also perform sequentially the block cipher encryptions 11 of the LR-KDF generator 10 .
  • the initialization vector IV is randomly generated inside the encryption system 50 and is not passed from outside. Compared with a monotonic counter, random generation avoids having to store the counter value and to protect it against modification.
  • the initialization vector IV does not repeat.
  • the initialization vector IV is a nonce.
  • the randomly, internally generated initialization vector IV is input to the LR-KDF generator 10 to generate the derived key K 0 , which is the key used to generate the two OFB streams.
  • since K 0 is not known, under the LR-KDF assumptions an attacker does not know the input values to the AES 11 in the AES-OFB, except for the first constant, e.g., 0 . . . 00, and the second constant, 0 . . . 01.
  • knowledge of plaintext P and ciphertext C does not allow the attacker to recover the input values to the AES blocks 11 : XORing C with P only reveals Oa XOR Ob, not the individual outputs Oa, Ob that are fed back into the ciphers.
  • two different derived keys K 0 , K 1 can be generated by the same LR-KDF generator or by two LR-KDF generators and supplied to the respective OFB branches 31 a , 31 b .
  • in that case the first constant CNa and the second constant CNb may or may not be different (with a single derived key the two constants have to differ, otherwise the two keystreams coincide and cancel out in the XOR).
  • the key generator 10 of FIG. 2 includes one or more processors P, one or more memories M, and discrete circuitry DC, which may be employed in various combinations to implement the functionality of the key generator 10 .
  • an authentication module may be arranged downstream of the branches 31 a and 31 b .
  • this authentication module may be implemented, for instance, according to the authentication schemes described in Berti, Koeune, Pereira, Peters, Standaert, “Leakage-Resilient and Misuse-Resistant Authenticated Encryption,” IACR Cryptology ePrint Archive (2016), or in Medwed, Standaert, Joux, “Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs,” in Prouff, E., Schaumont, P. (eds.), Cryptographic Hardware and Embedded Systems - CHES 2012, 14th International Workshop, Leuven, Belgium, September 9-12, 2012, Proceedings, Lecture Notes in Computer Science, vol. 7428, pp. 193-212, Springer (2012).
  • the solution described here may be applied not only to a leakage resilient encryption procedure comprising a leakage resilient key derivation function which derives a different key for each message from the same master key, but also to any encryption procedure in which at least a unique key is supplied to the OFB structure. Therefore, the solution refers in general to a method for performing cryptographic operations on data in a processing device comprising an encryption procedure.
  • the solution described here facilitates a new mode of operation which is leakage resilient (DPA resistant).
  • such a mode operates with a first nonce-based key derivation, and uses the derived key or keys to generate more than one keystream, without the input (the plaintext) ever being processed by the cipher: the plaintext is only combined with the keystream by an exclusive OR to obtain the ciphertext.
  • a method for performing cryptographic operations on data in a processing device includes an encryption procedure, said method may be summarized as including generating a not repeating, in particular random, initialization vector (IV) by an initialization vector generator, in particular random generator ( 21 ), obtaining at least a unique key (K 0 ; K 0 ,K 1 ), supplying said at least a unique key (K 0 ; K 0 ,K 1 ) as encryption key to a pair of output feedback encryption branches ( 31 a , 31 b ), each encryption branch ( 31 a , 31 b ) performing a first encryption operation invoking an encryption block cipher ( 11 ) performing an encryption operation using said at least a unique key (K 0 ; K 0 ,K 1 ) as encryption key and receiving a respective first (CNa) and second (CNb) constant as input to be encrypted, the outputs (Oa 0 , Ob 0 ) of said first encryption operations on each encryption branch ( 31 a , 31 b
  • said at least a unique key (K 0 ; K 0 ,K 1 ) may be a single unique key (K 0 ), the first and second constants (CNa, CNb) then being different from each other.
  • alternatively, two unique keys may be sent respectively to the first branch ( 31 a ) and to the second branch ( 31 b ), and the first and second constants (CNa, CNb) may then be equal.
  • said initialization vector (IV) may be generated as a nonce.
  • the method may include an authenticated encryption procedure on the cipher text obtained.
  • Said cipher block ( 11 ) may be an AES cipher.
  • having the outputs (Oa 0 , Ob 0 ) of the first encryption operations on each encryption branch ( 31 a , 31 b ) and a first portion (P 0 ) of a plaintext as the inputs of a first XOR function (X 0 ) producing a first portion of cipher text (C 0 ) may be implemented by first performing a XOR between the outputs (Oa 0 , Ob 0 ) of the first encryption operations on each encryption branch ( 31 a , 31 b ) and then XORing the result with the first portion P 0 of the plaintext, producing said first portion of cipher text (C 0 ); the subsequent XOR functions (X 1 ) are implemented in the same way to produce the subsequent portions of cipher text (C 1 ).
  • said encryption procedure may be a Leakage resilient encryption procedure, which may include a Leakage Resilient key derivation function which derives a different key for each message from the same master key, said method including performing a Leakage Resilient key derivation function using a master encryption key (MK) and said initialization vector (IV) as inputs of a key derivation function chain ( 10 ), obtaining at least a derivation key (K 0 ; K 0 ,K 1 ) as said unique key (K 0 ; K 0 ,K 1 ).
  • MK: master encryption key
  • IV: initialization vector
  • a processing device ( 10 ) may be configured to perform the steps of the methods disclosed herein.
  • the processing device may include a random generator ( 21 ) for generating said random initialization vector (IV), a unique key generator ( 10 ) configured to obtain said at least a unique key (K 0 ; K 0 ,K 1 ), an encryption arrangement may include a pair of output feedback encryption branches ( 31 a , 31 b ), each encryption branch ( 31 a , 31 b ) may include a chain of invocations of an encryption block cipher ( 11 ), each output of a previous encryption block cipher being the input of the following encryption block cipher, which receives said at least a unique key (K 0 ; K 0 ,K 1 ) as encryption key, the first encryption block cipher ( 11 ) receiving the respective first (CNa) and second (CNb) constant as input to be encrypted, said encryption arrangement may include also a plurality of blocks (X 0 , X 1 ) performing a XOR function, the output of each cipher ( 11 ) having the same position in the chain of encryption branch ( 31
  • said unique key generator ( 10 ), configured to obtain said at least a unique key (K 0 ; K 0 ,K 1 ), may be a Leakage Resilient key derivation function generator ( 10 ) configured to obtain said at least a derivation key (K 0 ; K 0 ,K 1 ).
  • a computer program product that can be loaded into the memory of at least one computer may be summarized as including parts of software code able to execute the steps of the methods disclosed herein when the product is run on at least one computer.
  • the one or more unique keys comprise a single unique key associated with both the first branch and the second branch; and the constant associated with the first branch and the constant associated with the second branch are different constants. In an embodiment, the one or more unique keys comprise a first unique key associated with the first branch and a second, different unique key associated with the second branch; and the constant associated with the first branch and the constant associated with the second branch are equal. In an embodiment, the method comprises generating the initialization vector as a nonce. In an embodiment, the method comprises executing an authentication procedure on the first and second portions of cipher text. In an embodiment, the encrypting by the first and second branches comprises applying AES ciphering.
  • the XORing the first output of the first branch, the first output of the second branch, and the first portion of plaintext data comprises: XORing the first output of the first branch with the first output of the second branch, generating a first XOR result; and XORing the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; and the XORing the second output of the first branch, the second output of the second branch, and the second portion of plaintext data comprises: XORing the second output of the first branch with the second output of the second branch, generating a second XOR result; and XORing the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
  • the generating, using the initialization vector and a secret key, the one or more unique keys comprises: performing a leakage resilient key derivation function using a master encryption key and the initialization vector (IV) as inputs to a key derivation function chain.
  • In an embodiment, the encryption key associated with the first branch and the encryption key associated with the second branch are a same encryption key; and the constant associated with the first branch and the constant associated with the second branch are different constants.
  • In an embodiment, the encryption key associated with the first branch and the encryption key associated with the second branch are different encryption keys; and the constant associated with the first branch and the constant associated with the second branch are a same constant.
  • In an embodiment, the cryptographic device comprises a key generator coupled to the first and second encryption branches, wherein the key generator, in operation, generates one or more unique keys based on an initialization vector and a master key.
  • In an embodiment, the key generator comprises a leakage resilient key derivation function chain having a plurality of AES circuits coupled together in series.
  • In an embodiment, the cryptographic device comprises a random number generator, which, in operation, generates the initialization vector. In an embodiment, the cryptographic device comprises a monotonic counter, which, in operation, generates the initialization vector. In an embodiment, the cryptographic device, in operation, executes an authentication procedure on the first and second portions of cipher text.
  • In an embodiment, the plurality of cryptographic circuits of the first cryptographic branch comprise a plurality of AES circuits coupled together in series; and the plurality of cryptographic circuits of the second cryptographic branch comprise a plurality of AES circuits coupled together in series.
  • In an embodiment, the XOR circuitry, in operation, XORs the first output of the first branch with the first output of the second branch, generating a first XOR result; XORs the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; XORs the second output of the first branch with the second output of the second branch, generating a second XOR result; and XORs the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
  • In an embodiment, the encryption key associated with the first encryption branch and the encryption key associated with the second encryption branch are a same encryption key; and the constant associated with the first encryption branch and the constant associated with the second encryption branch are different constants. In an embodiment, the encryption key associated with the first branch and the encryption key associated with the second branch are different encryption keys; and the constant associated with the first branch and the constant associated with the second branch are a same constant.
  • In an embodiment, the processing circuitry, in operation, XORs the first output of the first cryptographic branch with the first output of the second cryptographic branch, generating a first XOR result; XORs the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; XORs the second output of the first cryptographic branch with the second output of the second cryptographic branch, generating a second XOR result; and XORs the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
  • In an embodiment, the contents comprise instructions executed by the cryptographic circuitry.
  • In an embodiment, a computer-readable medium comprises a computer program adapted to perform one or more of the methods or functions described above.
  • In an embodiment, the medium may be a physical storage medium, such as for example a Read Only Memory (ROM) chip, or a disk such as a Digital Versatile Disk (DVD-ROM), Compact Disk (CD-ROM), a hard disk, a memory, a network, or a portable media article to be read by an appropriate drive or via an appropriate connection, including as encoded in one or more barcodes or other related codes stored on one or more such computer-readable mediums and being readable by an appropriate reader device.
  • In an embodiment, some or all of the methods and/or functionality may be implemented or provided in other manners, such as at least partially in firmware and/or hardware, including, but not limited to, one or more application-specific integrated circuits (ASICs), digital signal processors, discrete circuitry, logic gates, standard integrated circuits, controllers (e.g., by executing appropriate instructions, and including microcontrollers and/or embedded controllers), field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), etc., as well as devices that employ RFID technology, and various combinations thereof.

Abstract

Encryption of data using a cryptographic device is protected. The protecting includes generating a first output of a first branch by encrypting a constant using a key, and generating a first output of a second branch by encrypting a constant using a key. The first output of the first branch, the first output of the second branch, and a first portion of plaintext data are XORed, generating a first portion of cypher text. A second output of the first branch is generated by encrypting the first output of the first branch using a key, and a second output of the second branch is generated by encrypting the first output of the second branch using a key. The second output of the first branch, the second output of the second branch, and a second portion of plaintext data are XORed, generating a second portion of cypher text.

Description

BACKGROUND
Technical Field
The present description relates to techniques for performing cryptographic operations on data in a processing device comprising an encryption procedure.
Various embodiments may apply, e.g., to smartcards, microcontrollers, Internet of Things chips, and set-top boxes using an encryption or digital signature scheme.
Description of the Related Art
Cryptographic protocols are abstract or concrete protocols that perform a security-related function and apply cryptographic methods, often as sequences of cryptographic primitives.
In the field of protection from Side Channel Attacks in devices which use cryptographic algorithms, e.g., microcontrollers implementing encryption algorithms such as ECC or RSA, vertical Side Channel Attacks (SCA) are known, where the attacker can encrypt arbitrary data (input) using the device in order to obtain the cryptographic key used by the encryption algorithm. The attacker records side channel information during the encryption of known input data, the side channel being represented by power consumption, electromagnetic radiation, or other similar quantities.
The side channel is linked with the data processed by the device, which are the cryptographic key and the attacker's data fed as input, the latter therefore being known data.
The attacker records many “traces” with different known input data and a constant unknown key, makes hypotheses on the value of a portion of the cryptographic key, and uses statistical methods to verify such hypotheses against the traces. To apply such statistical methods the attacker needs many traces, each with different and known input data and a constant key.
A known solution to defend against such attacks is to use an implementation with SCA protection, which however cannot make use of existing non-protected hardware, while it is often too late or too costly to embed protected hardware. It is also not always possible to switch to a protected software implementation, because of anti-reverse-engineering constraints, as protected software must not be visible to attackers. Protected software also requires secret randomness (secret even for the legitimate user). Finally, there may be a significant downgrade of performance.
On the other hand, it is possible to define an operation that is leakage resilient (DPA resistant) on top of existing hardware.
Therefore, Leakage Resilient encryption schemes derive a different key for each message from the same master key. This requires a Key Derivation Function, or KDF, which uses the master key multiple times. Thus, the KDF itself must be leakage resilient, e.g., a Leakage Resilient Key Derivation Function (LR-KDF).
Thus an LR-KDF implemented on commonly available unprotected crypto hardware accelerators may represent an attractive solution if one cannot afford DPA-protected solutions and/or wants to leverage existing hardware.
Current Leakage Resilient techniques, however, either cannot exploit current unprotected hardware, as in the technique called ISAP, which uses sponges and not AES, as described for instance in Dobraunig, Eichlseder, Mangard, Mendel, Unterluggauer, “ISAP—Towards Side-Channel Secure Authenticated Encryption,” or are not optimized to achieve good performance, as the technique described in Berti, Koeune, Pereira, Peters, Standaert, “Leakage-Resilient and Misuse-Resistant Authenticated Encryption,” where the encryption key is changed after two encryptions, resulting in a time-consuming implementation, although operating on existing hardware.
BRIEF SUMMARY
In an embodiment, a method comprises: executing cryptographic operations on data using cryptographic circuitry; and protecting, using the cryptographic circuitry, the cryptographic operations during the executing. The executing and protecting includes: generating an initialization vector; generating, using the initialization vector and a secret key, one or more unique keys; encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch; encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch; XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the cryptographic circuitry, the first output of the first branch, using, as an encryption key, the key of the one or more unique keys that is associated with the first branch, generating a second output of the first branch; encrypting, using the second branch of the cryptographic circuitry, the first output of the second branch, using, as an encryption key, the key of the one or more unique keys that is associated with the second branch, generating a second output of the second branch; and XORing the second output of the first branch, the second output of the second branch and a second portion of plaintext data, generating a second portion of cypher text.
In an embodiment, a cryptographic device comprises: a first encryption branch comprising a plurality of cryptographic circuits coupled together in series; a second encryption branch comprising a plurality of cryptographic circuits coupled together in series; and XOR circuitry coupled to the first encryption branch and to the second encryption branch, wherein, the cryptographic device, in operation, executes cryptographic operations on data and protects the cryptographic operations during the executing. The executing and protecting includes: encrypting, using the first branch of the cryptographic circuitry and an encryption key associated with the first branch, a constant associated with the first branch, generating a first output of the first branch; encrypting, using the second branch of the cryptographic circuitry and an encryption key associated with the second branch, a constant associated with the second branch, generating a first output of the second branch; XORing, using the XOR circuitry, the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the cryptographic circuitry and the encryption key associated with the first branch, the first output of the first branch, generating a second output of the first branch; encrypting, using the second branch of the cryptographic circuitry and the encryption key associated with the second branch, the first output of the second branch, generating a second output of the second branch; and XORing, using the XOR circuitry, the second output of the first branch, the second output of the second branch, and a second portion of plaintext data, generating a second portion of cypher text.
In an embodiment, a system comprises: processing circuitry; and memory coupled to the processing circuitry, wherein the processing circuitry, in operation: encrypts, using an encryption key associated with a first encryption branch, a constant associated with the first encryption branch, generating a first output of the first encryption branch; encrypts, using an encryption key associated with a second encryption branch, a constant associated with the second encryption branch, generating a first output of the second encryption branch; XORs the first output of the first encryption branch, the first output of the second encryption branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypts, using the encryption key associated with the first encryption branch, the first output of the first encryption branch, generating a second output of the first encryption branch; encrypts, using the encryption key associated with the second encryption branch, the first output of the second encryption branch, generating a second output of the second encryption branch; and XORs the second output of the first encryption branch, the second output of the second encryption branch, and a second portion of plaintext data, generating a second portion of cypher text.
In an embodiment, a non-transitory computer-readable medium's contents cause cryptographic circuitry to perform a method, the method comprising: executing cryptographic operations on data; and protecting the cryptographic operations during the executing, the executing and protecting including: generating an initialization vector; generating, using the initialization vector and a secret key, one or more unique keys; encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch; encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch; XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the cryptographic circuitry, the first output of the first branch, using, as an encryption key, the key of the one or more unique keys that is associated with the first branch, generating a second output of the first branch; encrypting, using the second branch of the cryptographic circuitry, the first output of the second branch, using, as an encryption key, the key of the one or more unique keys that is associated with the second branch, generating a second output of the second branch; and XORing the second output of the first branch, the second output of the second branch and a second portion of plaintext data, generating a second portion of cypher text.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
The disclosure will now be described purely by way of a non-limiting example with reference to the annexed drawings, in which:
FIG. 1 represents a block diagram of an embodiment of a processing device implementing the method described here;
FIG. 2 represents a detail of a possible embodiment of a block of FIG. 1.
DETAILED DESCRIPTION
The ensuing description illustrates various specific details aimed at an in-depth understanding of the embodiments. The embodiments may be implemented without one or more of the specific details, or with other methods, components, materials, etc. In other cases, known structures, materials, or operations are not illustrated or described in detail so that various aspects of the embodiments will not be obscured.
Reference to “an embodiment” or “one embodiment” in the framework of the present description is meant to indicate that a particular configuration, structure, or characteristic described in relation to the embodiment is comprised in at least one embodiment. Likewise, phrases such as “in an embodiment” or “in one embodiment,” that may be present in various points of the present description, do not necessarily refer to the one and the same embodiment. Furthermore, particular conformations, structures, or characteristics can be combined appropriately in one or more embodiments.
The references used herein are intended merely for convenience and hence do not define the sphere of protection or the scope of the embodiments.
The solution described here refers to a method for performing cryptographic operations on data in a processing device comprising a Leakage Resilient encryption procedure, which comprises a Leakage Resilient key derivation function deriving a different key for each message from the same master key, and which makes use of a double Output FeedBack (OFB).
As shown in FIG. 1, a system for encryption 50 includes a random number generator 21 generating an initialization vector IV, having 128 bits in the example discussed here. Such binary sequence IV is fed to a Leakage Resilient Key Derivation Function (LR-KDF) generator 10 together with a master encryption key MK to obtain a derived key K0.
It is underlined that according to the solution described here, the initialization vector IV is a non-repeating, in particular random, binary sequence, which is generated by an initialization vector generator. In an embodiment, the initialization vector IV is a random vector generated by a random generator as in the example; however, it can for instance be generated by a monotonic counter, which generates increasing, thus non-repeating, numbers.
The derived key K0 is fed to two branches 31 a and 31 b in parallel, each branch comprising a plurality of invocations of the AES cipher, represented by blocks 11, in series. Such derived key K0 is fed as the encryption key, while the first AES cipher 11 in the first branch 31 a receives as input a first constant CNa, in the example 0 . . . 000, and the first AES operation of the second branch 31 b receives a second constant CNb, in the example 0 . . . 001, different from said first constant CNa.
The outputs Oa0, Ob0 of the first AES cipher 11 in the first and second branch 31 a, 31 b, i.e., the constants CNa, CNb AES-encrypted with the derived key K0, are brought to a first XOR block X0 performing a XOR operation between them and a first portion P0, having a given length, of a plaintext P. In particular, the first portion P0 is a portion of 128 bits in length. The output of the first XOR block X0 is a first portion C0 of a ciphertext C. Therefore, the outputs of the first invocation of the AES cipher 11 represent a keystream which is supplied to the first XOR block X0 to encode the first portion P0 of plaintext, obtaining the first portion C0 of the ciphertext C.
It is noted that the first XOR block X0 is a three-input XOR, which, as is known, first performs a XOR on two of the inputs producing a result and then performs the XOR of such result with the third input.
Therefore, in particular, the outputs Oa0, Ob0 of the first encryption operations on each encryption branch 31 a, 31 b and a first portion P0 of a plaintext are the inputs of a first XOR function X0 producing a first portion of cipher text C0. In an embodiment, the first XOR function X0 is implemented by first performing a XOR operation between the outputs Oa0, Ob0 of the first encryption operations on each encryption branch 31 a, 31 b; the result of such first XOR operation is then XOR-ed with the first portion P0 of the plaintext. This prevents an attacker, during a decryption, from asking for decryption of the same message more than once.
This implementation may be used also in the subsequent XOR functions, e.g., X1, . . . , to produce subsequent portions of cipher text, e.g., C1, as described in the following description.
The outputs Oa0, Ob0 are then also supplied to a subsequent, in particular second, respective invocation of the AES cipher 11 together with the derived key K0. Second outputs Oa1, Ob1 of the second AES cipher 11 in the first and second branch 31 a, 31 b are brought to a second XOR block X1 performing a XOR operation between them and a second portion P1, of such given length, of the plaintext P. The output of the second XOR block X1 is a second portion C1 of the ciphertext C. Therefore, the outputs of the subsequent invocation of the AES cipher 11 represent a keystream which is supplied to the second XOR block X1 to encode the second portion P1 of plaintext, obtaining the second portion C1 of the ciphertext C.
Thus, summing up, on each branch a chain of cipher blocks 11, or rather invocations of a cipher, in particular AES, is provided, whose output is provided as keystream to a XOR which encodes a portion of the plaintext into a portion of ciphertext. The first block of the chain is initialized with a constant instead of with the output of a previous block.
It can be recognized that each of the branches 31 a and 31 b basically corresponds to an OFB encryption, since each block cipher operation depends on all previous ones, and so is not performed in parallel.
Thus, the circuit of FIG. 1 is configured as a double OFB encryption, as the XOR operation is carried out on both the outputs of the OFB branches 31 a and 31 b and the portion of plaintext. As mentioned, blocks 11 represent an invocation of cipher block encryption in general, in the example AES encryption. This means that there can be a single cipher block encryption module, e.g., a single AES module, which performs all the cipher block encryptions 11 sequentially, i.e., the module is invoked once for each cipher block encryption 11.
Thus, summing up, with reference to FIG. 1 a method is described to perform cryptographic operations on data in a processing device comprising a Leakage Resilient encryption procedure, which comprises a Leakage Resilient key derivation function deriving a different key for each message from the same master key,
    • said method comprising
      • generating a non-repeating, in particular random, initialization vector IV by an initialization vector generator, in particular random generator 21,
      • performing a Leakage Resilient key derivation function using a master encryption key MK and such initialization vector IV as inputs of a key derivation function chain 10, obtaining at least a derivation key K0. Two different keys K0, K1 can also be obtained, one for each branch 31 a, 31 b.
It is then provided to supply said at least one derivation key, e.g., K0, as encryption key to a pair of output feedback encryption branches 31 a, 31 b. Said encryption branches each include a chain of cipher blocks 11, or invocations of a same cipher block, e.g., AES, which receive the derivation key as encryption key. The outputs of the ciphers 11 having the same position in the chain in each branch are brought as inputs of a XOR together with a portion of plaintext, producing a portion of ciphertext.
Each encryption branch 31 a, 31 b therefore performs a first encryption operation invoking the cipher block encryption 11 using such at least one derivation key K0 as encryption key and receiving a respective first constant CNa or second constant CNb as input to be encrypted, the outputs Oa0, Ob0 of the first encryption operations on each encryption branch 31 a, 31 b and a first portion P0 of a plaintext being the inputs of a first XOR function X0 producing a first portion of cipher text C0.
For the cipher blocks 11 subsequent to the first block, whose number (the number of invocations) depends on the length of the message to be encrypted, it is then provided to perform at least one subsequent encryption invoking a cipher block encryption 11 using said at least one key K0 as encryption key and receiving the outputs Oa0, Ob0 of the previous encryptions as input to be encrypted, the outputs Oa1, Ob1 of said subsequent encryptions and a subsequent portion P1 of the plaintext being the inputs of a subsequent XOR function X1 producing a subsequent portion of cipher text C1.
The LR-KDF generator 10 can be implemented by different KDF procedures or algorithms.
The basic requirement of Leakage Resilient encryption is that a key can be used only a very limited number of times. However, users may desire to have a master key which lasts a long time, for example for years.
Therefore, Leakage Resilient encryption schemes derive a different key for each message from the same master key. This requires a Key Derivation Function, or KDF, which uses the master key multiple times. Thus, the KDF itself is leakage resilient, a Leakage Resilient Key Derivation Function (LR-KDF).
Solutions are known which make use of Leakage Resilient cryptography, such as the so-called GGM scheme, described in Oded Goldreich, Shafi Goldwasser, and Silvio Micali, “How to construct random functions,” Journal of the ACM, 33(4): 792-807, October 1986.
As illustrated, the system 50 of FIG. 1 includes one or more processors P, one or more memories M, and discrete circuitry DC, which may be employed in various combinations to implement the functionality of the system 50. Such functionality may include the encrypting and protection operations described herein, as well as other functional operations of the system 50, such as operations associated with smartcards, microcontrollers, Internet of Things chips, set-top boxes, etc., using an encryption or digital signature scheme. In this regard, FIG. 2 shows a chain to obtain a derived key from a master key, which may be the LR-KDF generator 10. A master key MK is supplied to an invocation of a cipher 11, e.g., a cipher performing AES (Advanced Encryption Standard) encryption, which receives the first bit NC0 of a nonce NC, e.g., a number, such as a random number, used only once, which can be seen as a plaintext to be encrypted by the AES 11. The output of the encryption, IK0, is used as key for another invocation of the AES cipher 11 together with the following bit NC1 of the nonce NC.
The procedure is repeated up to the last, n-th, bit NCn of the nonce NC, which gives an encrypted output IKn. Then a final encryption is performed under the n-th encrypted output IKn, supplying a string of zeroes as plaintext instead of the nonce NC bits to the invocation of the AES cipher 11, finally obtaining as output the derived key DK.
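The FIG. 2 key derivation chain and the FIG. 1 double OFB encryption, written out as an added example in Go on top of the standard-library AES (this is not the patent's or STMicroelectronics' code). Function names, the way a single nonce bit is laid out in the 128-bit AES plaintext, and the IV-prepended output format are assumptions made here; the constants CNa = 0...000 and CNb = 0...001 and the XOR ordering follow the text.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

const blockSize = aes.BlockSize // 16 bytes = 128 bits: block, key and IV size used on the page

// aesEncryptBlock is one invocation of the AES cipher (a block 11 on the page).
func aesEncryptBlock(key, in []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // all keys in this example are 16 bytes
	}
	out := make([]byte, blockSize)
	c.Encrypt(out, in)
	return out
}

// xorBlocks returns a XOR b for two equal-length slices.
func xorBlocks(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// lrKDF follows the FIG. 2 chain: the nonce is consumed one bit at a time, each bit is
// encrypted under the current intermediate key IKi and the result becomes IKi+1; a final
// encryption of an all-zero block under IKn yields the derived key DK.
// Assumption (not stated on the page): the bit is placed in the last byte of a zero block.
func lrKDF(masterKey, nonce []byte) []byte {
	ik := masterKey
	for _, nb := range nonce {
		for i := 7; i >= 0; i-- {
			in := make([]byte, blockSize)
			in[blockSize-1] = (nb >> uint(i)) & 1
			ik = aesEncryptBlock(ik, in)
		}
	}
	return aesEncryptBlock(ik, make([]byte, blockSize))
}

// doubleOFBKeystream runs the two OFB branches 31a/31b: branch a starts from constant cna
// under key ka, branch b from cnb under key kb; every output is fed back as the next input.
// Each keystream block is Oa_i XOR Ob_i, the first of the two XORs performed by block Xi.
func doubleOFBKeystream(ka, kb, cna, cnb []byte, nBlocks int) []byte {
	oa, ob := cna, cnb
	ks := make([]byte, 0, nBlocks*blockSize)
	for i := 0; i < nBlocks; i++ {
		oa = aesEncryptBlock(ka, oa)
		ob = aesEncryptBlock(kb, ob)
		ks = append(ks, xorBlocks(oa, ob)...)
	}
	return ks
}

// doubleOFB completes each Xi: the keystream block is XORed with the data portion Pi.
func doubleOFB(ka, kb, cna, cnb, data []byte) []byte {
	nBlocks := (len(data) + blockSize - 1) / blockSize
	ks := doubleOFBKeystream(ka, kb, cna, cnb, nBlocks)
	return xorBlocks(data, ks[:len(data)])
}

// The page's example constants: CNa = 0...000 and CNb = 0...001.
var (
	constA = make([]byte, blockSize)
	constB = append(make([]byte, blockSize-1), 1)
)

// Encrypt draws a fresh random 128-bit IV (random number generator 21), derives K0 from
// MK and IV, and uses K0 on both branches with the two different constants. The IV is
// prepended to the ciphertext (assumed format) so the receiver can re-derive K0.
func Encrypt(masterKey, plaintext []byte) ([]byte, error) {
	iv := make([]byte, blockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	k0 := lrKDF(masterKey, iv)
	return append(iv, doubleOFB(k0, k0, constA, constB, plaintext)...), nil
}

// Decrypt re-derives K0 from the transmitted IV; in OFB, decryption is the same XOR.
func Decrypt(masterKey, ivAndCiphertext []byte) ([]byte, error) {
	if len(ivAndCiphertext) < blockSize {
		return nil, fmt.Errorf("input shorter than the %d-byte IV", blockSize)
	}
	iv, ct := ivAndCiphertext[:blockSize], ivAndCiphertext[blockSize:]
	k0 := lrKDF(masterKey, iv)
	return doubleOFB(k0, k0, constA, constB, ct), nil
}

func main() {
	mk := []byte("0123456789abcdef") // constructed 128-bit master key, demo only
	msg := []byte("double OFB with a per-message derived key")
	ct, _ := Encrypt(mk, msg)
	pt, _ := Decrypt(mk, ct)
	fmt.Printf("iv||c = %x\nround trip ok: %v\n", ct, string(pt) == string(msg))
}
```

Passing the same key and the same constant to both branches makes the two OFB streams identical and the keystream all zeros, which is why the page requires either different constants (single key K0) or different keys (K0, K1); the test below checks that degenerate case as well.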
Again, blocks 11 represent cipher block encryption in general, in the example AES encryption, and the single cipher block encryption module, e.g., a single AES module, can also perform sequentially the cipher block encryptions 11 of the LR-KDF generator 10. It is noted that in the solution described in FIG. 1 the initialization vector IV is randomly generated internally in the encryption system 50, and not passed from outside. Random generation, compared with using a monotonic counter, avoids the need to store the monotonic counter value and to protect it from modification. As mentioned, the initialization vector IV does not repeat. In an embodiment, the initialization vector IV is a nonce.
Thus, the randomly, internally generated initialization vector IV is input to the LR-KDF generator 10 to generate the derived key K0, which is the derived key used to generate the two OFB streams. As the derived key K0 is not known, under the LR-KDF assumptions an attacker would not know the input values to the AES 11 in the AES-OFB, except for the first constant, e.g., 0 . . . 00, and the second constant 0 . . . 01. Knowledge of the plaintext P and ciphertext C does not allow the attacker to recover the input values to the AES blocks 11.
In variant embodiments, two different derived keys K0, K1 can be generated by a same LR-KDF generator or by two LR-KDF generators, and supplied to the respective OFB branches 31 a, 31 b. In that case, the first constant CNa and the second constant CNb may or may not be different.
As illustrated, the key generator 10 of FIG. 2 includes one or more processors P, one or more memories M, and discrete circuitry DC, which may be employed in various combinations to implement the functionality of the key generator 10.
An authentication module, not shown in FIG. 1, may be arranged downstream of the branches 31 a and 31 b. This authentication module may be implemented for instance according to the authentication schemes described in Berti, Koeune, Pereira, Peters, Standaert, “Leakage-Resilient and Misuse-Resistant Authenticated Encryption,” Published 2016, Computer Science, IACR Cryptol., or Medwed, Standaert, Joux, “Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs,” in Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2012—14th International Workshop, Leuven, Belgium, Sep. 9-12, 2012. Proceedings. Lecture Notes in Computer Science, vol. 7428, pp. 193-212. Springer (2012).
In variant embodiments, the solution described here may be applied not only to a leakage-resilient encryption procedure, which comprises a leakage-resilient key derivation function deriving a different key for each message from the same master key, but also to an encryption procedure in which at least one unique key is supplied to the OFB structure. Therefore, the solution in general refers to a method for performing cryptographic operations on data in a processing device comprising an encryption procedure,
    • said method comprising
      • generating a non-repeating initialization vector IV by a unique key generator,
      • obtaining at least a unique key,
      • supplying said at least a unique key as encryption key to a pair of output feedback encryption branches,
      • each encryption branch performing a first encryption operation invoking an encryption block cipher performing an encryption operation using said at least a unique key as encryption key and receiving a respective first and second constant as input to be encrypted,
      • the outputs of said first encryption operations on each encryption branch and a first portion of a plaintext being the inputs of a first XOR function producing a first portion of cipher text,
      • performing at least one subsequent encryption invoking an encryption block cipher using said at least a unique key as encryption key and receiving the outputs of the previous encryptions as input to be encrypted, the outputs of said subsequent encryptions and a subsequent portion of a plaintext being the inputs of a subsequent XOR function producing a subsequent portion of cipher text.
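The following is an added, self-contained illustration of the mode described above (the FIG. 2 key-derivation chain feeding the two OFB branches 31 a, 31 b and the XOR blocks); it is not code from the patent or from STMicroelectronics. Several details the text leaves open are assumptions, stated again in the code: each nonce bit is encoded as a full 16-byte block before being encrypted, the branch constants CNa/CNb are the blocks 0...00 and 0...01, the IV is a random 128-bit nonce processed most-significant bit first, and in the two-key variant K0 and K1 are obtained from the same chain by a final encryption of two different constants. The XOR blocks combine the two branch outputs first and then XOR the result with the plaintext portion, as in the implementation described later in the text. If the `cryptography` package is not installed, a constructed HMAC-SHA256-based 16-byte function stands in for the AES block cipher so the file still runs; only the primitive is swapped, the structure of the mode is unchanged.

```python
"""Dual-branch OFB mode keyed by a nonce-based key-derivation chain.

Added example, not the patent's or STMicroelectronics' code. Assumptions:
  * nonce bits are encoded as 16-byte blocks (0...00 for a 0 bit, 0...01 for a 1 bit);
  * branch constants CNa = 0...00 and CNb = 0...01;
  * the IV is a random 128-bit nonce, consumed MSB first;
  * K0/K1 (two-key variant) come from one chain by encrypting two final constants.
"""
import hashlib
import hmac
import os
from typing import Iterator, List, Optional, Tuple

BLOCK = 16

try:
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        """One AES-128 block encryption: the cipher block 11 of the text."""
        enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
        return enc.update(block) + enc.finalize()
except ImportError:  # constructed stand-in so the example runs without AES; NOT AES
    def block_encrypt(key: bytes, block: bytes) -> bytes:
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

CN_A = bytes(BLOCK)                                   # first constant  0...00
CN_B = bytes(BLOCK - 1) + b"\x01"                     # second constant 0...01
BIT_BLOCKS = (bytes(BLOCK), bytes(BLOCK - 1) + b"\x01")  # nonce bit 0 / 1 as a plaintext block


def lr_kdf(master_key: bytes, nonce: bytes, final_constant: bytes = CN_A) -> bytes:
    """Key-derivation chain of FIG. 2: MK -> IK0 -> ... -> IKn -> DK.

    Each step encrypts the next nonce bit (as a block) under the previous
    intermediate key. The final step encrypts a constant (zeroes in the text)
    under IKn, so no intermediate key is ever released as an output.
    """
    ik = master_key
    for byte in nonce:
        for shift in range(7, -1, -1):                # MSB first (assumption)
            ik = block_encrypt(ik, BIT_BLOCKS[(byte >> shift) & 1])
    return block_encrypt(ik, final_constant)


def _ofb_branch(key: bytes, constant: bytes, n_blocks: int) -> Iterator[bytes]:
    """One output-feedback branch: O_0 = E_K(CN), O_i = E_K(O_{i-1})."""
    out = constant
    for _ in range(n_blocks):
        out = block_encrypt(key, out)
        yield out


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def dual_ofb_keystream(key_a: bytes, key_b: bytes, cn_a: bytes, cn_b: bytes,
                       n_blocks: int) -> List[bytes]:
    """Per-block keystream Oa_i XOR Ob_i (the branch outputs are combined first).

    The plaintext never enters the cipher: the cipher only ever processes the
    public constants and its own key-dependent outputs.
    """
    return [_xor(oa, ob) for oa, ob in zip(_ofb_branch(key_a, cn_a, n_blocks),
                                         _ofb_branch(key_b, cn_b, n_blocks))]


def encrypt(master_key: bytes, plaintext: bytes, iv: Optional[bytes] = None,
            two_keys: bool = False) -> Tuple[bytes, bytes]:
    """Encrypt under a fresh, internally generated IV; returns (iv, ciphertext).

    two_keys=False: single derived key K0 on both branches, distinct constants.
    two_keys=True:  K0 and K1 on the two branches, which then share one constant.
    """
    if iv is None:
        iv = os.urandom(BLOCK)                        # random nonce, never reused
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    k0 = lr_kdf(master_key, iv)
    if two_keys:
        k1 = lr_kdf(master_key, iv, final_constant=CN_B)   # assumption, see docstring
        ks = dual_ofb_keystream(k0, k1, CN_A, CN_A, len(blocks))
    else:
        ks = dual_ofb_keystream(k0, k0, CN_A, CN_B, len(blocks))
    # last plaintext block may be short: truncate the keystream block to match
    return iv, b"".join(_xor(p, k[:len(p)]) for p, k in zip(blocks, ks))


def decrypt(master_key: bytes, iv: bytes, ciphertext: bytes,
            two_keys: bool = False) -> bytes:
    """OFB is symmetric: regenerate the same keystream and XOR it back."""
    return encrypt(master_key, ciphertext, iv, two_keys)[1]


if __name__ == "__main__":
    mk = bytes(range(16))                             # constructed master key
    iv, ct = encrypt(mk, b"constructed sample plaintext, 3 blocks long....")
    assert decrypt(mk, iv, ct) == b"constructed sample plaintext, 3 blocks long...."
```

One check worth running on any implementation of the single-key variant: with one key and equal constants the two branches are identical, their XOR is the all-zero block, and the "ciphertext" equals the plaintext. That is why the text pairs a single key with different constants and two different keys with equal constants; the test below asserts both the round trip and this degenerate case.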
The solution according to the various embodiments here described may provide the following advantages.
The solution described here provides a new mode of operation which is leakage resilient (DPA resistant). The mode operates by first performing a nonce-based key derivation and then using the derived key or keys to generate more than one keystream; the input plaintext is never processed by the cipher, but only combined with the keystream by an exclusive OR to obtain the ciphertext.
Of course, without prejudice to the principle of the embodiments, the details of construction and the embodiments may vary widely with respect to what has been described and illustrated herein purely by way of example, without thereby departing from the scope of the present embodiments, as defined in the ensuing claims.
In an embodiment, a method for performing cryptographic operations on data in a processing device includes an encryption procedure, said method may be summarized as including generating a not repeating, in particular random, initialization vector (IV) by an initialization vector generator, in particular random generator (21), obtaining at least a unique key (K0; K0,K1), supplying said at least a unique key (K0; K0,K1) as encryption key to a pair of output feedback encryption branches (31 a, 31 b), each encryption branch (31 a, 31 b) performing a first encryption operation invoking an encryption block cipher (11) performing an encryption operation using said at least a unique key (K0; K0,K1) as encryption key and receiving a respective first (CNa) and second (CNb) constant as input to be encrypted, the outputs (Oa0, Ob0) of said first encryption operations on each encryption branch (31 a, 31 b) and a first portion (P0) of a plaintext being the inputs of a first XOR function (X0) producing a first portion of cipher text (C0), performing at least one subsequent encryption invoking an encryption block cipher (11) using said at least a unique key (K0; K0,K1) as encryption key and receiving the outputs (Oa0, Ob0) of the previous encryptions as input to be encrypted, the outputs (Oa1, Ob1) of said subsequent encryptions and a subsequent portion (P1) of a plaintext being the inputs of a subsequent XOR function (X1) producing a subsequent portion of cipher text (C1).
In an embodiment, said at least a unique key (K0; K0,K1) may be a single unique key (K0) and said first and second constants (CNa, CNb) may be different one with respect to the other.
In an embodiment, two unique keys (K0,K1) may be sent respectively to the first branch (31 a) and to the second branch (31 b) and said first and second constants (CNa, CNb) may be equal.
In an embodiment, said initialization vector (IV) may be generated as a nonce.
The method may include an authenticated encryption procedure on the cipher text obtained.
Said cipher block (11) may be an AES cipher.
In an embodiment, having the outputs (Oa0, Ob0) of the first encryption operations on each encryption branch (31 a, 31 b) and a first portion (P0) of a plaintext being the inputs of a first XOR function (X0) producing a first portion of cipher text (C0) may be implemented by first performing a first XOR between the outputs (Oa0, Ob0) of the first encryption operations on each encryption branch (31 a, 31 b) and then performing a XOR between the result of such first XOR operation and the first portion P0 of the plaintext, producing said first portion of cipher text (C0); the subsequent XOR functions (X1) are implemented in the same way to produce subsequent portions of cipher text (C1).
In an embodiment, said encryption procedure may be a Leakage resilient encryption procedure, which may include a Leakage Resilient key derivation function which derives a different key for each message from the same master key, said method including performing a Leakage Resilient key derivation function using a master encryption key (MK) and said initialization vector (IV) as inputs of a key derivation function chain (10), obtaining at least a derivation key (K0; K0,K1) as said unique key (K0; K0,K1).
A processing device (10) may be configured to perform the steps of the methods disclosed herein.
The processing device may include a random generator (21) for generating said random initialization vector (IV), a unique key generator (10) configured to obtain said at least a unique key (K0; K0,K1), an encryption arrangement may include a pair of output feedback encryption branches (31 a, 31 b), each encryption branch (31 a, 31 b) may include a chain of invocations of an encryption block cipher (11), each output of a previous encryption block cipher being the input of the following encryption block cipher, which receives said at least a unique key (K0; K0,K1) as encryption key, the first encryption block cipher (11) receiving the respective first (CNa) and second (CNb) constant as input to be encrypted, said encryption arrangement may include also a plurality of blocks (X0, X1) performing a XOR function, the output of each cipher (11) having the same position in the chain of encryption branch (31 a, 31 b) being fed as input to a respective XOR function (X0) together with the plaintext portion to obtain a corresponding portion of cipher text (C0).
Said unique key generator (10) may be configured to obtain said at least a unique key (K0; K0,K1) and may be a Leakage Resilient key derivation function generator (10) configured to obtain said at least a derivation key (K0; K0,K1).
In an embodiment, a computer program product that can be loaded into the memory of at least one computer and may be summarized as including parts of software code that are able to execute the steps of the methods disclosed herein when the product is run on at least one computer.
In an embodiment, a method comprises: executing cryptographic operations on data using cryptographic circuitry; and protecting, using the cryptographic circuitry, the cryptographic operations during the executing. The executing and protecting includes: generating an initialization vector; generating, using the initialization vector and a secret key, one or more unique keys; encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch; encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch; XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the cryptographic circuitry, the first output of the first branch, using, as an encryption key, the key of the one or more unique keys that is associated with the first branch, generating a second output of the first branch; encrypting, using the second branch of the cryptographic circuitry, the first output of the second branch, using, as an encryption key, the key of the one or more unique keys that is associated with the second branch, generating a second output of the second branch; and XORing the second output of the first branch, the second output of the second branch and a second portion of plaintext data, generating a second portion of cypher text.
In an embodiment, the one or more unique keys comprise a single unique key associated with both the first branch and the second branch; and the constant associated with the first branch and the constant associated with the second branch are different constants. In an embodiment, the one or more unique keys comprise a first unique key associated with the first branch and a second, different unique key associated with the second branch; and the constant associated with the first branch and the constant associated with the second branch are equal. In an embodiment, the method comprises generating the initialization vector as a nonce. In an embodiment, the method comprises executing an authentication procedure on the first and second portions of cipher text. In an embodiment, the encrypting by the first and second branches comprises applying AES ciphering. In an embodiment, the XORing the first output of the first branch, the first output of the second branch, and the first portion of plaintext data comprises: XORing the first output of the first branch with the first output of the second branch, generating a first XOR result; and XORing the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; and the XORing the second output of the first branch, the second output of the second branch, and the second portion of plaintext data comprises: XORing the second output of the first branch with the second output of the second branch, generating a second XOR result; and XORing the second XOR result with the second portion of plaintext data, generating the second portion of cypher text. In an embodiment, the generating, using the initialization vector and a secret key, the one or more unique keys comprises: performing a leakage resilient key derivation function using a master encryption key and the initialization vector (IV) as inputs to a key derivation function chain.
In an embodiment, a cryptographic device comprises: a first encryption branch comprising a plurality of cryptographic circuits coupled together in series; a second encryption branch comprising a plurality of cryptographic circuits coupled together in series; and XOR circuitry coupled to the first encryption branch and to the second encryption branch, wherein, the cryptographic device, in operation, executes cryptographic operations on data and protects the cryptographic operations during the executing. The executing and protecting includes: encrypting, using the first branch of the cryptographic circuitry and an encryption key associated with the first branch, a constant associated with the first branch, generating a first output of the first branch; encrypting, using the second branch of the cryptographic circuitry and an encryption key associated with the second branch, a constant associated with the second branch, generating a first output of the second branch; XORing, using the XOR circuitry, the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the cryptographic circuitry and the encryption key associated with the first branch, the first output of the first branch, generating a second output of the first branch; encrypting, using the second branch of the cryptographic circuitry and the encryption key associated with the second branch, the first output of the second branch, generating a second output of the second branch; and XORing, using the XOR circuitry, the second output of the first branch, the second output of the second branch, and a second portion of plaintext data, generating a second portion of cypher text. 
In an embodiment, the encryption key associated with the first branch and the encryption key associated with the second branch are a same encryption key; and the constant associated with the first branch and the constant associated with the second branch are different constants. In an embodiment, the encryption key associated with the first branch and the encryption key associated with the second branch are different encryption keys; and the constant associated with the first branch and the constant associated with the second branch are a same constant. In an embodiment, the cryptographic device comprises a key generator coupled to the first and second encryption branches, wherein the key generator, in operation, generates one or more unique keys based on an initialization vector and a master key. In an embodiment, the key generator comprises a leakage resilient key derivation function chain having a plurality of AES circuits coupled together in series. In an embodiment, the cryptographic device comprises a random number generator, which, in operation, generates the initialization vector. In an embodiment, the cryptographic device comprises a monotonic counter, which, in operation, generates the initialization vector. In an embodiment, the cryptographic device, in operation, executes an authentication procedure on the first and second portions of cipher text. In an embodiment, the plurality of cryptographic circuits of the first cryptographic branch comprise a plurality of AES circuits coupled together in series; and the plurality of cryptographic circuits of the second cryptographic branch comprise a plurality of AES circuits coupled together in series. 
In an embodiment, the XOR circuitry, in operation, XORs the first output of the first branch with the first output of the second branch, generating a first XOR result; XORs the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; XORs the second output of the first branch with the second output of the second branch, generating a second XOR result; and XORs the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
In an embodiment, a system comprises: processing circuitry; and memory coupled to the processing circuitry, wherein the processing circuitry, in operation: encrypts, using an encryption key associated with a first encryption branch, a constant associated with the first encryption branch, generating a first output of the first encryption branch; encrypts, using an encryption key associated with a second encryption branch, a constant associated with the second encryption branch, generating a first output of the second encryption branch; XORs the first output of the first encryption branch, the first output of the second encryption branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypts, using the encryption key associated with the first encryption branch, the first output of the first encryption branch, generating a second output of the first encryption branch; encrypts, using the encryption key associated with the second encryption branch, the first output of the second encryption branch, generating a second output of the second encryption branch; and XORs the second output of the first encryption branch, the second output of the second encryption branch, and a second portion of plaintext data, generating a second portion of cypher text. In an embodiment, the encryption key associated with the first encryption branch and the encryption key associated with the second encryption branch are a same encryption key; and the constant associated with the first encryption branch and the constant associated with the second encryption branch are different constants. In an embodiment, the encryption key associated with the first branch and the encryption key associated with the second branch are different encryption keys; and the constant associated with the first branch and the constant associated with the second branch are a same constant. 
In an embodiment, the processing circuitry, in operation, XORs the first output of the first cryptographic branch with the first output of the second cryptographic branch, generating a first XOR result; XORs the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; XORs the second output of the first cryptographic branch with the second output of the second cryptographic branch, generating a second XOR result; and XORs the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
In an embodiment, a non-transitory computer-readable medium's contents cause cryptographic circuitry to perform a method, the method comprising: executing cryptographic operations on data; and protecting the cryptographic operations during the executing, the executing and protecting including: generating an initialization vector; generating, using the initialization vector and a secret key, one or more unique keys; encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch; encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch; XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text; encrypting, using the first branch of the cryptographic circuitry, the first output of the first branch, using, as an encryption key, the key of the one or more unique keys that is associated with the first branch, generating a second output of the first branch; encrypting, using the second branch of the cryptographic circuitry, the first output of the second branch, using, as an encryption key, the key of the one or more unique keys that is associated with the second branch, generating a second output of the second branch; and XORing the second output of the first branch, the second output of the second branch and a second portion of plaintext data, generating a second portion of cypher text. In an embodiment, the contents comprise instructions executed by the cryptographic circuitry. 
In an embodiment, the XORing the first output of the first branch, the first output of the second branch, and the first portion of plaintext data comprises: XORing the first output of the first branch with the first output of the second branch, generating a first XOR result; and XORing the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; and the XORing the second output of the first branch, the second output of the second branch, and the second portion of plaintext data comprises: XORing the second output of the first branch with the second output of the second branch, generating a second XOR result; and XORing the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
Some embodiments may take the form of or comprise computer program products. For example, according to one embodiment there is provided a computer readable medium comprising a computer program adapted to perform one or more of the methods or functions described above. The medium may be a physical storage medium, such as for example a Read Only Memory (ROM) chip, or a disk such as a Digital Versatile Disk (DVD-ROM), Compact Disk (CD-ROM), a hard disk, a memory, a network, or a portable media article to be read by an appropriate drive or via an appropriate connection, including as encoded in one or more barcodes or other related codes stored on one or more such computer-readable mediums and being readable by an appropriate reader device.
Furthermore, in some embodiments, some or all of the methods and/or functionality may be implemented or provided in other manners, such as at least partially in firmware and/or hardware, including, but not limited to, one or more application-specific integrated circuits (ASICs), digital signal processors, discrete circuitry, logic gates, standard integrated circuits, controllers (e.g., by executing appropriate instructions, and including microcontrollers and/or embedded controllers), field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), etc., as well as devices that employ RFID technology, and various combinations thereof.
The various embodiments described above can be combined to provide further embodiments. Aspects of the embodiments can be modified, if necessary to employ concepts of the various patents, applications and publications to provide yet further embodiments.
These and other changes can be made to the embodiments in light of the above-detailed description. In general, in the following claims, the terms used should not be construed to limit the claims to the specific embodiments disclosed in the specification and the claims, but should be construed to include all possible embodiments along with the full scope of equivalents to which such claims are entitled. Accordingly, the claims are not limited by the disclosure.

Claims (21)

The invention claimed is:
1. A method, comprising:
executing cryptographic operations on data using cryptographic circuitry; and
protecting, using the cryptographic circuitry, the cryptographic operations during the executing, the executing and protecting including:
generating an initialization vector;
generating, using the initialization vector and a secret key, one or more unique keys;
encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch;
encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch;
XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text;
encrypting, using the first branch of the cryptographic circuitry, the first output of the first branch, using, as an encryption key, the key of the one or more unique keys that is associated with the first branch, generating a second output of the first branch;
encrypting, using the second branch of the cryptographic circuitry, the first output of the second branch, using, as an encryption key, the key of the one or more unique keys that is associated with the second branch, generating a second output of the second branch; and
XORing the second output of the first branch, the second output of the second branch and a second portion of plaintext data, generating a second portion of cypher text, wherein:
the XORing the first output of the first branch, the first output of the second branch, and the first portion of plaintext data comprises:
XORing the first output of the first branch with the first output of the second branch, generating a first XOR result; and
XORing the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; and
the XORing the second output of the first branch, the second output of the second branch, and the second portion of plaintext data comprises:
XORing the second output of the first branch with the second output of the second branch, generating a second XOR result; and
XORing the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
2. The method according to claim 1, wherein,
the one or more unique keys comprise a single unique key associated with both the first branch and the second branch; and
the constant associated with the first branch and the constant associated with the second branch are different constants.
3. The method according to claim 1, wherein,
the one or more unique keys comprise a first unique key associated with the first branch and a second, different unique key associated with the second branch; and
the constant associated with the first branch and the constant associated with the second branch are equal.
4. The method according to claim 1, comprising generating the initialization vector as a nonce.
5. The method according to claim 1, comprising executing an authentication procedure on the first and second portions of cipher text.
6. The method according to claim 1, wherein the encrypting by the first and second branches comprises applying AES ciphering.
7. The method according to claim 1, wherein the generating, using the initialization vector and a secret key, the one or more unique keys comprises:
performing a leakage resilient key derivation function using a master encryption key and the initialization vector (IV) as inputs to a key derivation function chain.
8. A cryptographic device, comprising:
a first encryption branch comprising a plurality of cryptographic circuits coupled together in series;
a second encryption branch comprising a plurality of cryptographic circuits coupled together in series; and
XOR circuitry coupled to the first encryption branch and to the second encryption branch, wherein, the cryptographic device, in operation, executes cryptographic operations on data and protects the cryptographic operations during the executing, the executing and protecting including:
encrypting, using the first branch of the cryptographic circuitry and an encryption key associated with the first branch, a constant associated with the first branch, generating a first output of the first branch;
encrypting, using the second branch of the cryptographic circuitry and an encryption key associated with the second branch, a constant associated with the second branch, generating a first output of the second branch;
XORing, using the XOR circuitry, the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text;
encrypting, using the first branch of the cryptographic circuitry and the encryption key associated with the first branch, the first output of the first branch, generating a second output of the first branch;
encrypting, using the second branch of the cryptographic circuitry and the encryption key associated with the second branch, the first output of the second branch, generating a second output of the second branch; and
XORing, using the XOR circuitry, the second output of the first branch, the second output of the second branch, and a second portion of plaintext data, generating a second portion of cypher text, wherein the XOR circuitry, in operation,
XORs the first output of the first branch with the first output of the second branch, generating a first XOR result;
XORs the first XOR result with the first portion of plaintext data, generating the first portion of cypher text;
XORs the second output of the first branch with the second output of the second branch, generating a second XOR result; and
XORs the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
9. The cryptographic device according to claim 8, wherein,
the encryption key associated with the first branch and the encryption key associated with the second branch are a same encryption key; and
the constant associated with the first branch and the constant associated with the second branch are different constants.
10. The cryptographic device according to claim 8, wherein,
the encryption key associated with the first branch and the encryption key associated with the second branch are different encryption keys; and
the constant associated with the first branch and the constant associated with the second branch are a same constant.
11. The cryptographic device of claim 8, comprising a key generator coupled to the first and second encryption branches, wherein the key generator, in operation, generates one or more unique keys based on an initialization vector and a master key.
12. The cryptographic device of claim 11, wherein the key generator comprises a leakage resilient key derivation function chain having a plurality of AES circuits coupled together in series.
13. The cryptographic device of claim 11, comprising a random number generator, which, in operation, generates the initialization vector.
14. The cryptographic device of claim 11, comprising a monotonic counter, which, in operation, generates the initialization vector.
15. The cryptographic device of claim 8, wherein the cryptographic device, in operation, executes an authentication procedure on the first and second portions of cipher text.
16. The cryptographic device of claim 8, wherein,
the plurality of cryptographic circuits of the first encryption branch comprise a plurality of AES circuits coupled together in series; and
the plurality of cryptographic circuits of the second encryption branch comprise a plurality of AES circuits coupled together in series.
17. A system, comprising:
processing circuitry; and
memory coupled to the processing circuitry, wherein the processing circuitry, in operation:
encrypts, using an encryption key associated with a first encryption branch, a constant associated with the first encryption branch, generating a first output of the first encryption branch;
encrypts, using an encryption key associated with a second encryption branch, a constant associated with the second encryption branch, generating a first output of the second encryption branch;
XORs the first output of the first encryption branch, the first output of the second encryption branch, and a first portion of plaintext data, generating a first portion of cypher text;
encrypts, using the encryption key associated with the first encryption branch, the first output of the first encryption branch, generating a second output of the first encryption branch;
encrypts, using the encryption key associated with the second encryption branch, the first output of the second encryption branch, generating a second output of the second encryption branch; and
XORs the second output of the first encryption branch, the second output of the second encryption branch, and a second portion of plaintext data, generating a second portion of cypher text, wherein the processing circuitry, in operation,
XORs the first output of the first encryption branch with the first output of the second encryption branch, generating a first XOR result;
XORs the first XOR result with the first portion of plaintext data, generating the first portion of cypher text;
XORs the second output of the first encryption branch with the second output of the second encryption branch, generating a second XOR result; and
XORs the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
18. The system according to claim 17, wherein,
the encryption key associated with the first encryption branch and the encryption key associated with the second encryption branch are a same encryption key; and
the constant associated with the first encryption branch and the constant associated with the second encryption branch are different constants.
19. The system of claim 17, wherein,
the encryption key associated with the first branch and the encryption key associated with the second branch are different encryption keys; and
the constant associated with the first branch and the constant associated with the second branch are a same constant.
20. A non-transitory computer-readable medium having contents which cause cryptographic circuitry to perform a method, the method comprising:
executing cryptographic operations on data; and
protecting the cryptographic operations during the executing, the executing and protecting including:
generating an initialization vector;
generating, using the initialization vector and a secret key, one or more unique keys;
encrypting, using a first branch of the cryptographic circuitry, a constant associated with the first branch, using, as an encryption key, a key of the one or more unique keys that is associated with the first branch, generating a first output of the first branch;
encrypting, using a second branch of the cryptographic circuitry, a constant associated with the second branch, using, as an encryption key, a key of the one or more unique keys that is associated with the second branch, generating a first output of the second branch;
XORing the first output of the first branch, the first output of the second branch, and a first portion of plaintext data, generating a first portion of cypher text;
encrypting, using the first branch of the cryptographic circuitry, the first output of the first branch, using, as an encryption key, the key of the one or more unique keys that is associated with the first branch, generating a second output of the first branch;
encrypting, using the second branch of the cryptographic circuitry, the first output of the second branch, using, as an encryption key, the key of the one or more unique keys that is associated with the second branch, generating a second output of the second branch; and
XORing the second output of the first branch, the second output of the second branch and a second portion of plaintext data, generating a second portion of cypher text, wherein,
the XORing the first output of the first branch, the first output of the second branch, and the first portion of plaintext data comprises:
XORing the first output of the first branch with the first output of the second branch, generating a first XOR result; and
XORing the first XOR result with the first portion of plaintext data, generating the first portion of cypher text; and
the XORing the second output of the first branch, the second output of the second branch, and the second portion of plaintext data comprises:
XORing the second output of the first branch with the second output of the second branch, generating a second XOR result; and
XORing the second XOR result with the second portion of plaintext data, generating the second portion of cypher text.
21. The non-transitory computer-readable medium of claim 20, wherein the contents comprise instructions executed by the cryptographic circuitry.
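The two-branch construction claimed above (claims 17 and 20), as an added Python example that is not part of the patent or of any STMicroelectronics code. It generalises from two portions of plaintext to any number, and because the page does not give the AES circuit's interface, a keyed-hash stand-in is assumed in place of the AES block encryption; `derive_branch_keys` is likewise an assumed shape of the key generator of claims 11 and 12, not the patent's design.

```python
import hashlib
from typing import Callable, List, Tuple

BLOCK = 16  # byte width of one cipher block (the AES circuits of claim 16)
Enc = Callable[[bytes, bytes], bytes]


def stand_in_block_cipher(key: bytes, block: bytes) -> bytes:
    """ASSUMED stand-in for the AES encryption circuit: keyed BLAKE2s truncated
    to one block. It is not AES; it only lets this example run offline."""
    return hashlib.blake2s(block, key=key, digest_size=BLOCK).digest()


def branch_chain(key: bytes, constant: bytes, n: int, enc: Enc) -> List[bytes]:
    """One encryption branch: output 1 is E_key(constant), every later output
    is E_key(previous output), as in 'encrypts ... the first output of the
    first branch, generating a second output' in claims 17 and 20."""
    outputs, state = [], constant
    for _ in range(n):
        state = enc(key, state)
        outputs.append(state)
    return outputs


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def two_branch_xor(key1, const1, key2, const2, data, enc=stand_in_block_cipher):
    """Encrypt (or decrypt, the keystream being symmetric): portion i of the
    data is XORed with the XOR of the two branches' i-th outputs."""
    portions = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    out1 = branch_chain(key1, const1, len(portions), enc)
    out2 = branch_chain(key2, const2, len(portions), enc)
    result = []
    for portion, o1, o2 in zip(portions, out1, out2):
        xor_result = xor_bytes(o1, o2)                   # the "XOR result"
        result.append(xor_bytes(portion, xor_result[:len(portion)]))
    return b"".join(result)


def branches_are_degenerate(key1, const1, key2, const2) -> bool:
    """Claims 9 and 10 make the branches differ in key or in constant. If both
    are identical the chains coincide, their XOR is all zeros and the output
    equals the plaintext, so reject that configuration before use."""
    return key1 == key2 and const1 == const2


def derive_branch_keys(master_key: bytes, iv: bytes,
                       enc: Enc = stand_in_block_cipher) -> Tuple[bytes, bytes]:
    """ASSUMED key generator: two encryptions in series seeded by the IV under
    the master key (claims 11-12 give no exact chain; this shape is invented)."""
    k = enc(master_key, iv)                  # first stage of the chain
    return enc(k, bytes([1]) * BLOCK), enc(k, bytes([2]) * BLOCK)
```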

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210734959.2A CN115603892A (en) 2021-06-28 2022-06-27 Method for performing cryptographic operations, corresponding processing device and computer program product

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT102021000016910 2021-06-28
IT102021000016910A IT202100016910A1 (en) 2021-06-28 2021-06-28 PROCEDURE FOR CARRYING OUT ENCRYPTION OPERATIONS IN A COMPUTING DEVICE, CORRESPONDING PROCESSING DEVICE AND COMPUTER PRODUCT

Publications (2)

Publication Number Publication Date
US20220417012A1 US20220417012A1 (en) 2022-12-29
US12335373B2 true US12335373B2 (en) 2025-06-17

Family

ID=77802090

Family Applications (1)

Application Number Title Priority Date Filing Date
US17/839,109 Active 2043-05-09 US12335373B2 (en) 2021-06-28 2022-06-13 Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product

Country Status (4)

Country Link
US (1) US12335373B2 (en)
EP (1) EP4113894B1 (en)
CN (1) CN115603892A (en)
IT (1) IT202100016910A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120281571B (en) * 2025-06-06 2025-09-09 山东浪潮超高清智能科技有限公司 AES-based data enhancement encryption method, system, device and medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090214026A1 (en) 2008-02-27 2009-08-27 Shay Gueron Method and apparatus for optimizing advanced encryption standard (aes) encryption and decryption in parallel modes of operation
US20100150344A1 (en) * 2008-12-15 2010-06-17 Thomson Licensing Methods and devices for a chained encryption mode
US20160072779A1 (en) * 2014-09-10 2016-03-10 Nxp B.V. Securing a cryptographic device against implementation attacks
US20160156461A1 (en) * 2013-06-27 2016-06-02 Qualcomm Incorporated Method and Apparatus to Encrypt Plaintext Data
US20160323097A1 (en) * 2015-04-30 2016-11-03 Nxp B.V. Securing a cryptographic device
US20180183576A1 (en) * 2016-12-22 2018-06-28 Shenzhen State Micro Technology Co Ltd Mask s-box, block ciphers algorithm device and corresponding construction process
WO2021252294A1 (en) * 2020-06-08 2021-12-16 Cryptography Research, Inc. Protection of transformations by intermediate randomization in cryptographic operations

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103795527A (en) * 2014-03-03 2014-05-14 重庆大学 Software mask defense scheme capable of preventing attack on advanced encryption standard (AES) algorithm based on power analysis
US9794062B2 (en) * 2015-10-08 2017-10-17 The Boeing Company Scrambled tweak mode of blockciphers for differential power analysis resistant encryption

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
Pirzada et al., "Architectural Optimization of Parallel Authenticated Encryption Algorithm for Satellite Application," vol. 8, 2020 (Year: 2020). *
Pirzada, Syed Jahanzer Hussain, Abid Murtaza, Tongge Xu, and Liu Jianwei, "Architectural Optimization of Parallel, Authenticated Encryption Algorithm for Satellite Application" (Year: 2020). *
Berti et al., "Leakage-Resilient and Misuse-Resistant Authenticated Encryption," IACR Cryptology ePrint Archive, Paper 2016/996, 29 pages.
Dobraunig et al., "ISAP—Towards Side-Channel Secure Authenticated Encryption," IACR Transactions on Symmetric Cryptology 2017(1):80-105.
Goldreich et al., "How to Construct Random Functions," Journal of the Association for Computing Machinery 33(4):792-807, Oct. 1986.
Medwed et al., "Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs," In: Prouff et al. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2012—14th International Workshop, Leuven, Belgium, Sep. 9-12, 2012, Lecture Notes in Computer Science, vol. 7428, pp. 193-212, Springer, 2012.
Pirzada et al., "Architectural Optimization of Parallel Authenticated Encryption Algorithm for Satellite Application," IEEE Access 8:48543-48556, Mar. 5, 2020.

Also Published As

Publication number Publication date
EP4113894A1 (en) 2023-01-04
CN115603892A (en) 2023-01-13
IT202100016910A1 (en) 2022-12-28
US20220417012A1 (en) 2022-12-29
EP4113894B1 (en) 2024-06-05

Similar Documents

Publication Publication Date Title
JP6934963B2 (en) Data encryption methods and systems
US11546135B2 (en) Key sequence generation for cryptographic operations
CN101447870B (en) A private key secure storage method based on distributed password technology
CN105406969B (en) Data encryption device and method
KR102397579B1 (en) Method and apparatus for white-box cryptography for protecting against side channel analysis
US20060023875A1 (en) Enhanced stream cipher combining function
CN113098675B (en) Binary data encryption system and method based on polynomial complete homomorphism
Niederhagen et al. Practical post-quantum cryptography
WO2016088453A1 (en) Encryption apparatus, decryption apparatus, cryptography processing system, encryption method, decryption method, encryption program, and decryption program
WO2015166701A1 (en) Encryption method, program, and system
Moldovyan et al. Stream Deniable-Encryption Algorithms.
US12335373B2 (en) Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product
CN116436600A (en) A method, device, equipment and storage medium for information source joint coding and encryption
US12206778B2 (en) Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product
JP4611642B2 (en) Authentication system
Ruby et al. SANE: Secure encryption technique for alphanumeric data over web based applications
Charru et al. Improved Cryptography Algorithm to Enhanced Data Security
Radhakrishna et al. Digital Image Encryption and Decryption based on RSA Algorithm
Rahman et al. A multi-stage encryption technique using asymmetric and various symmetric ciphers
KR20110042419A (en) Block cipher operation method applicable to multimedia environment
Alsamurai et al. Improves RC6 algorithm with multi-chaotic maps for encryption text
KR20150114782A (en) Cryptography method using format-preserving components
JP2023152133A (en) Encryption device, encryption method and encryption program
Braddy Multiple Algorithm Aperiodic Cryptosystem
CN115603893A (en) Method, processing device and computer program product for performing cryptographic operations

Legal Events

Date Code Title Description
FEPP Fee payment procedure. Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
AS Assignment. Owner name: STMICROELECTRONICS S.R.L., ITALY. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SUSELLA, RUGGERO;REEL/FRAME:060466/0294. Effective date: 20220513
STPP Information on status: patent application and granting procedure in general. Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION
STPP Information on status: patent application and granting procedure in general. Free format text: NON FINAL ACTION MAILED
STPP Information on status: patent application and granting procedure in general. Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER
STPP Information on status: patent application and granting procedure in general. Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS
STCF Information on status: patent grant. Free format text: PATENTED CASE